PDA

View Full Version : Java security Warning



katharinem
11-01-2013, 12:41 PM
Heard about this on the midday news and found this from Reuters. Seems genuine. Any comments?

http://uk.reuters.com/article/2013/01/10/us-java-security-idUKBRE90919X20130110

KarameaDave
11-01-2013, 12:53 PM
I have had it disabled on all PCs here since the last round of vulnerabilities which
were unsuccessfully patched by Oracle.

It is a mess.

autechre
11-01-2013, 02:37 PM
Disable Java in all your browsers, if it's not already :)

Firefox 17 onwards has click-to-play for plugins, but I'm not sure if it means you're safe from such vulnerabilities.

wainuitech
11-01-2013, 04:30 PM
The questions should be - why is it that its only being brought up now, and people are being warned. Most of the security companies as well as Oracle have known about since it was discovered last year August 22nd ?

Why haven't Oracle patched it yet ?

SP8's
11-01-2013, 05:24 PM
Why haven't Oracle patched it yet ?

Too busy patching the boat they smashed up ... :D

cowboy stu
11-01-2013, 05:34 PM
I need it operate banking site . Uninstalled it then had to reinstall to progress on ANZ site ??

Paul.Cov
11-01-2013, 06:28 PM
Soooo.... what do I need to disable?

Just Java?
Or Java Scripts
Or Both?

TIA

Trev
11-01-2013, 08:24 PM
Java and Java Scripts are two different things.
:)

FoxyMX
11-01-2013, 10:11 PM
Soooo.... what do I need to disable?

Just Java?
Or Java Scripts


Just Java. If you come across sites that no longer work then just enable it for that site then disable again.

Paul.Cov
12-01-2013, 07:03 AM
Thanks.

linw
12-01-2013, 10:38 PM
The questions should be - why is it that its only being brought up now, and people are being warned. Most of the security companies as well as Oracle have known about since it was discovered last year August 22nd ?

Why haven't Oracle patched it yet ?

Yea, wondered why it was reported now. Figured a reporter had a few column cm's to fill in a hurry so did an Internet copy/paste!

fred_fish
12-01-2013, 10:49 PM
I need it operate banking site . Uninstalled it then had to reinstall to progress on ANZ site ??
Vote with your wallet and change to a bank that doesn't use insecure technology.

zqwerty
13-01-2013, 07:06 AM
Firefox disables Java plugins

http://www.warp2search.net/news/story/firefox_disables_java_plugins.html

cowboy stu
13-01-2013, 08:24 AM
Vote with your wallet and change to a bank that doesn't use insecure technology.

Not as simple as that ... they need me !

advena
13-01-2013, 02:12 PM
Some good coverage of the problem and instructions on ZNet yesterday -

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/?s_cid=e589

SanChippy
13-01-2013, 06:11 PM
Disable Java in all your browsers, if it's not already :)

Firefox 17 onwards has click-to-play for plugins, but I'm not sure if it means you're safe from such vulnerabilities.

Java is not Javascript. No need to disable it, in fact you have to go into Control Panel to disable Java

autechre
14-01-2013, 08:38 AM
Java is not Javascript. No need to disable it, in fact you have to go into Control Panel to disable Java
Please tell me where I said javascript in my reply. I said disable Java, and it can be done in the browser - no need to disable it for the whole system since some apps may need it.

Click on the Firefox menu (top-left), go to Add-Ons, click Plugins and find the Java(TM) Platform SE etc plugin - click Disable. Done.

autechre
14-01-2013, 10:15 AM
Looks like Mozilla has enabled "click-to-play" for the last few iterations of the java plugin:
https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

Speedy Gonzales
14-01-2013, 11:09 AM
And it looks like FF disables it even if its installed. Well it did here, so I uninstalled it. Since under addons / plugins it said the version is vulnerable. If its 7 update 10

Agent_24
14-01-2013, 11:11 AM
So, Java is not only a piece of lagware it's also now full of holes? Lovely.

Speedy Gonzales
14-01-2013, 11:14 AM
Nothing is holeproof these days. It doesnt matter if its software, socks or underwear :p

Speedy Gonzales
14-01-2013, 11:45 AM
Looks like its just been updated (http://www.java.com/en/download/manual.jsp). If you had 7 update 10. Looks like 6 is still 6 update 38

Agent_24
14-01-2013, 12:20 PM
Nothing is holeproof these days. It doesnt matter if its software, socks or underwear :p

But when the holes don't get patched after months...

Bobh
14-01-2013, 01:05 PM
Looks like its just been updated (http://www.java.com/en/download/manual.jsp). If you had 7 update 10. Looks like 6 is still 6 update 38
I just downloaded version 7 update 11.

Lawrence
14-01-2013, 01:20 PM
See version version 7 update 11 asks you if you want to run java on any web page that uses java

See also it has not addressed all security holes

http://news.cnet.com/8301-1009_3-57563730-83/oracle-releases-software-update-to-fix-java-vulnerability/

Speedy Gonzales
17-01-2013, 03:28 PM
Looks like 7 update 11 has a zero day vulnerability too. And hackers are selling it for up to 5K. So, you may have to install 6 update 38. Which, I dont think is affected by these vulnerabilities. If you want it.

But, it looks like the 6 updates are going to end sometime in Feb. So, after Feb, if these vulnerabilities are still around, you'll have to use version 7. Or nothing at all

zqwerty
18-01-2013, 09:28 PM
Malware masquerades as patch for Java

http://www.computerworld.com/s/article/9235946/Malware_masquerades_as_patch_for_Java?source=rss_l atest_content&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fnews%2Ffeed+% 28Latest+from+Computerworld%29